This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 93%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETH%3C/text%3E%3C/svg%3E)
To whom it may concern,
I recently updated to the latest version of Teams on Linux, i.e. 1.3.00.30857. This resulted in Teams no longer starting. When looking closer into things, I found the following message in $HOME/.config/Microsoft/Microsoft Teams/logs/teams-startup.log :
[4706:1208/095531.157346:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/share/teams/chrome-sandbox is owned by root and has mode 4755.
After changing /usr/share/teams/chrome-sandbox to have access permissions 4755 (rwsr-xr-x), I was able to launch Teams.
However, setting the setuid bit on this file and having it owned by root seems like a security concern. Especially since I have numerous other electron apps installed, and none of them require this change in configuration despite also using chrome-sandbox.
I'd be grateful if you could either fix this so that changing the file permissions is not required, or provide an explanation as to why this is necessary for MS Teams but not for any other electron apps, e.g. VS Code which is also one of your products.
Yours faithfully,
Thomas Hansen
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 1%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERT%3C/text%3E%3C/svg%3E)
Hello @Thomas Hansen .
The reason why vscode does not need these permissions is because it runs with --no-sandbox argument. You could also avoid the issue by enabling the unprivileged user namespaces in you kernel (if supported). For reference you can see details about chromium sandboxing options in Linux here. In your case the setuid sandbox requires the binary with correct permissions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 24%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Hi @Thomas Hansen ,
Have you tried to run the app with the –no-sandbox argument?
Considering the security is a serious concern to you, I would suggest either sticking with a previous release or using the open source “teams-for-linux” package which still works fine. For more discussion about this issue, you can refer to:
https://aur.archlinux.org/packages/teams/
For more details about sandbox description, you can learn it from:
https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md#Overview
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Thomas Hansen ,
Any update?